CVE-2019-2742

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 11.1.1.9.0

Description The issue affects the Oracle BI Publisher component, specifically the Web Service API subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks can result in unauthorized access to Oracle BI Publisher data, including update, insert, or delete access to some data and read access to a subset of data.

Recommendations For version 11.1.1.9.0, update to a version that includes the fix for this issue to prevent unauthorized access to Oracle BI Publisher data. As a temporary workaround, consider restricting access to the Web Service API to minimize the risk of exploitation.